Tag: malicious
-
Malicious Support Tickets Let Hackers Exploit Atlassian’s Model Context Protocol
A new class of cyberattack is targeting organizations leveraging Atlassian’s Model Context Protocol (MCP), exposing a critical weakness in the boundary between external and internal users. Researchers have demonstrated that malicious support tickets can be weaponized to exploit AI-powered workflows in Atlassian’s Jira Service Management (JSM), enabling attackers to gain privileged access and exfiltrate sensitive…
-
North Korean Hackers Deploy Malware Using Weaponized Calendly and Google Meet Links
The North Korean state-sponsored threat actor group, identified as TA444 (also known as BlueNoroff, Sapphire Sleet, and others), has unleashed a sophisticated malware campaign targeting cryptocurrency foundations. This intricate attack, uncovered by Huntress, leverages weaponized Calendly links and deceptive Google Meet invitations to deliver a barrage of malicious payloads, specifically designed for macOS systems. The…
-
Phishing campaign abuses Cloudflare Tunnels to sneak malware past firewalls
Why is Cloudflare Tunnel being abused?: The appeal of hosting attack infrastructure on Cloudflare Tunnel is that it is incredibly hard to detect or defend against. First, the tunnel is encrypted using HTTPS, which means the only way to see what’s inside it is by using some form of TLS inspection. However, this would need to…
-
Banana Squad’s Stealthy GitHub Malware Campaign Targets Devs
Banana Squad exploited GitHub to distribute malicious Python code disguised as legitimate tools. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/banana-squads-github-malware/
-
Foreign aircraft, domestic risks
Tags: access, attack, authentication, best-practice, blueteam, breach, computer, control, cyber, cybersecurity, data, defense, detection, encryption, firmware, framework, government, Hardware, injection, leak, malicious, malware, monitoring, network, nist, phone, risk, software, supply-chain, technology, threat, update, vulnerability
Condensed threat matrix. Legacy protocols create new attack surfaces: One of the banes of the OT world is the reliance on legacy technology that cannot easily be patched or upgraded without causing major disruptions. Similarly, the Boeing 747-8 employs a hybrid bus architecture. While it integrates modern flight management technologies like the Thales TopFlight Flight…
-
North Korea’s BlueNoroff uses AI deepfakes to push Mac malware in fake Zoom calls
Campaign delivers modular, persistent, Mac-specific malware: Huntress recovered a total of eight distinct malicious binaries, each with specific tasks. The primary implant, ‘Telegram 2’, was written in Nim and embedded itself as a macOS LaunchDaemon to maintain persistence. It acted as a launchpad for the real power tools, including the Go-based ‘Root Troy V4’ backdoor and…
-
Hackers Use VBScript Files to Deploy Masslogger Credential Stealer Malware
Seqrite Labs has uncovered a sophisticated variant of the Masslogger credential stealer malware being distributed through VBScript Encoded (.VBE) files. This advanced threat, which likely spreads via spam emails or drive-by downloads, operates as a multi-stage fileless malware, heavily exploiting the Windows Registry to store and execute its malicious payload without writing files to disk.…
-
Malicious Minecraft mods distributed by the Stargazers DaaS target Minecraft gamers
Java-based malware targets Minecraft users via fake cheat tools, utilizing the Stargazers Ghost Network distribution-as-a-service (DaaS). Check Point researchers found a multi-stage malware on GitHub targeting Minecraft users via Stargazers DaaS, using Java/.NET stealers disguised as cheat tools. Minecraft, one of the world’s most popular games with over 200 million monthly players and 300 million…
-
Threat Actor Exploits GitHub and Hosts 60 GitHub Repositories with Hundreds of Malware Files
A threat actor group known as Banana Squad has been found exploiting GitHub, a cornerstone platform for developers worldwide, by hosting over 60 malicious repositories containing hundreds of trojanized Python files. Discovered by the ReversingLabs threat research team, this campaign represents a shift toward stealthier and more sophisticated tactics in open-source exploitation. Sophisticated Supply Chain…
-
Ex-CIA Analyst Sentenced to 37 Months for Leaking Top Secret National Defense Documents
A former U.S. Central Intelligence Agency (CIA) analyst has been sentenced to little more than three years in prison for unlawfully retaining and transmitting top secret National Defense Information (NDI) to people who were not entitled to receive them and for attempting to cover up the malicious activity. Asif William Rahman, 34, of Vienna, has been…
-
Malicious PyPI Package Targets Developer Credentials
JFrog uncovers multi-stage malware harvesting cloud secrets. Multi-stage malware embedded in a Python package is stealing sensitive cloud infrastructure data, JFrog researchers said Monday. The package steals credentials, configuration files, API tokens and other data from corporate cloud environments. It targets developers using the Chimera sandbox platform. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/malicious-pypi-package-targets-developer-credentials-a-28725
-
New Sorillus RAT Targets European Organizations Through Tunneling Services
An important development discovered in March 2025 by Orange Cyberdefense’s Managed Threat Detection teams in Belgium was that a European client was the subject of a malicious infection chain that used the Sorillus Remote Access Trojan (RAT). Further analysis by the Orange Cyberdefense CERT revealed a broader campaign impacting organizations across Spain, Portugal, Italy, France,…
-
New KimJongRAT Stealer Uses Weaponized LNK File to Deploy PowerShell-Based Dropper
Two new variants of the KimJongRAT stealer have emerged, showcasing the persistent and evolving nature of this malicious tool first identified in 2013. Detailed research by Palo Alto Networks’ Unit 42 reveals that these variants, one employing a Portable Executable (PE) file and the other a PowerShell implementation, leverage a weaponized Windows shortcut (LNK)…
-
LangSmith Bug Could Expose OpenAI Keys and User Data via Malicious Agents
Cybersecurity researchers have disclosed a now-patched security flaw in LangChain’s LangSmith platform that could be exploited to capture sensitive data, including API keys and user prompts. The vulnerability, which carries a CVSS score of 8.8 out of a maximum of 10.0, has been codenamed AgentSmith by Noma Security. LangSmith is an observability and evaluation platform that allows…
-
XDSpy Threat Actors Exploit Windows LNK Zero-Day Vulnerability to Target Windows System Users
The XDSpy threat actor has been identified as exploiting a Windows LNK zero-day vulnerability, dubbed ZDI-CAN-25373, to target governmental entities in Eastern Europe and Russia. This ongoing campaign, active since March 2025, employs an intricate multi-stage infection chain to deploy the malicious XDigo implant, crafted in Go, as revealed by a detailed investigation stemming from…
-
Hacklink Marketplace Fuels Surge in Covert SEO Poisoning Attacks
New SEO poisoning attacks identified, using Hacklink to hijack search rankings and inject malicious links into sites. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/hacklink-marketplace-fuels-seo/
-
Malicious PyPI package targets Chimera users to steal AWS tokens, CI/CD secrets
Tags: attack, control, exploit, malicious, monitoring, open-source, pypi, rce, remote-code-execution, supply-chain
Protection needs a multi-layered approach: Experts are treating the chimera-sandbox-extension incident as more than just another malicious package takedown. While JFrog acted quickly, alerting PyPI maintainers, removing the package, and updating its Xray scanner, researchers agree that a one-time fix isn’t enough. “Within the last five years, attackers have leveraged PyPI and other package managers to exploit…
-
Hackers Manipulate Search Engines to Push Malicious Sites
A new wave of cybercrime is exploiting the very backbone of internet trust: search engines. Recent research by Netcraft has exposed a sophisticated and organized SEO poisoning operation, where hackers manipulate search engine algorithms to push malicious websites to the top of search results. At the heart of this campaign is a platform known as…
-
Hackers Use Fake Verification Prompt and Clickfix Technique to Deploy Fileless AsyncRAT
Threat actors are leveraging deceptive tactics to distribute a fileless variant of AsyncRAT, a notorious remote access Trojan. Discovered during routine attacker infrastructure analysis, this operation employs a fake verification prompt themed around the “Clickfix”…
-
DeerStealer Malware Deployed Through Exploitation of Windows Run Prompt by Threat Actors
eSentire’s Threat Response Unit (TRU) has uncovered a series of malicious campaigns throughout May 2025, where threat actors have been deploying the DeerStealer malware, also known as XFiles Spyware, using the HijackLoader malware loader. This sophisticated information stealer, peddled on dark-web forums by a user named “LuciferXfiles,” is designed to harvest a wide array…
-
Malicious Chimera Turns Larcenous on Python Package Index
Unlike typical data-stealing malware, this attack tool targets data specific to corporate and cloud infrastructures in order to execute supply chain attacks. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/malicious-chimera-pypi
-
PyPI repositories targeted by malicious ‘Chimera-Sandbox Extensions’
First seen on scworld.com Jump to article: www.scworld.com/news/pypi-repositories-targeted-by-malicious-chimera-sandbox-extensions
-
Hackers Upload Weaponized Packages to PyPI Repositories to Steal AWS Tokens and Sensitive Data
The JFrog Security Research team has uncovered a sophisticated malicious package named “chimera-sandbox-extensions” … “chimerai”…
-
Malicious Payload Found in JPEG Image Using Steganography and Base64 Obfuscation
Cybersecurity enthusiast Xavier shed light on a sophisticated method of hiding malicious payloads within seemingly innocuous JPEG images. This discovery has sparked significant interest in the infosec community, as it highlights the growing complexity of cyber threats leveraging steganography the art of concealing data within other data. Through dynamic analysis, researchers can uncover these hidden…
-
Massive JSFireTruck Malware Campaign Infects Over 269,000 Websites
Over 269,000 websites have been compromised in a massive malware campaign using the obfuscated JSFireTruck script to stealthily redirect users to malicious sites. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/jsfiretruck-malware-campaign/
-
‘Grafana Ghost’ XSS flaw exposes 47,000 servers to account takeover
From open-redirect to plugin-powered takeover: Based on the PoC shared by OX Security, the exploit leverages a clever combo of client-side path traversal and open-redirect mechanics in Grafana’s staticHandler, the component responsible for serving static files like HTML, CSS, JavaScript, and images from the server to the user’s browser. A potential attack can have a crafted…